Organizations from various industries across the globe are increasingly hip to the magnitude of the problem posed by data breaches, with 44% of them feeling “very” or “extremely” vulnerable to data threats, according to some of the key takeaways from the global edition of Thales’ 2018 Data Threat Report.
This is a sharp increase from 30% just one year ago. In the United States alone, the ratio nearly doubled – from 29% to a full 53% this year. In total, 91% – up from 88% in the 2017 report – admitted to feeling some degree of vulnerability to data breaches.
The report, now in its 6th edition, sheds light on the extent of data breaches at medium and larger enterprises worldwide. The report is underpinned by a survey that Thales, a French multinational aerospace and defense technology provider, carried out together with 451 Research. It polled 1,200 senior IT executives from various sectors in Germany, Japan, India, the Netherlands, Sweden, South Korea, the United Kingdom, and the US.
A record-high proportion of organizations worldwide (67%) said that they had been breached at some point, up from 56% in the report’s previous edition.
When only the past 12 months are considered, as many as 36% of organizations globally (and 46% percent in the US alone) have suffered a breach. This is up from 26 percent worldwide in the report’s previous edition. A total of 15% of enterprises have had this experience repeatedly, having suffered breaches both in the last year and earlier.
New environments, new challenges
The increased exposure to data threats in general comes in part down to the rush to adopt new environments that engender fresh risks. Also to blame, according to Thales, is “a failure to adopt modern data security methods for existing data sets”.
Virtually all organizations have embraced cloud technology. Big data (99%), the Internet-of-Things (IoT) technologies (94%) and Blockchain (92%) are also inching close to universal adoption. Nearly all (94%) enterprises use sensitive data within such digitally transformative technologies.
The report suggests a three-pronged approach to stem the tide of data breaches – data encryption, access control on a need-to-know basis, and keeping a close eye on data usage and access patterns.
It found that the greatest proportion of the respondents (77%) rated data-at-rest defenses (encryption, tokenization, etc.) as the most effective tool for protecting data. And yet, from among five types of technology under review, data-at-rest security receives the lowest increase in planned spending.
The report also notes two legislative landmarks that have been introduced by the EU. The General Data Protection Regulation (GDPR) affects any company processing or collecting the data of a European Union citizen, regardless of where the company is based. The revised Payment Services Directive (PSD2), for its part, is effectively breaking down the monopoly of banks on their customers’ data.